π΄ Why CSP Isn't Enough to Stop Magecart-Like Attacks π΄
π Read
via "Dark Reading: ".
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.π Read
via "Dark Reading: ".
Darkreading
Why CSP Isn't Enough to Stop Magecart-Like Attacks
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
β More Than Half of IoT Devices Vulnerable to Severe Attacks β
π Read
via "Threatpost".
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.π Read
via "Threatpost".
Threat Post
More Than Half of IoT Devices Vulnerable to Severe Attacks
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
π Media and e-commerce brands are top targets for phishing attacks π
π Read
via "Security on TechRepublic".
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.π Read
via "Security on TechRepublic".
TechRepublic
Media and e-commerce brands are top targets for phishing attacks
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.
π Trend Micro VP talks cloud security, IoT risks, and ransomware π
π Read
via "Security on TechRepublic".
In an interview at RSA 2020, Greg Young, the vice present of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.π Read
via "Security on TechRepublic".
TechRepublic
Trend Micro VP talks cloud security, IoT risks, and ransomware
In an interview at RSA 2020, Greg Young, the vice present of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.
π Hackers are working harder to make phishing and malware look legitimate π
π Read
via "Security on TechRepublic".
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.π Read
via "Security on TechRepublic".
TechRepublic
Hackers are working harder to make phishing and malware look legitimate
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.
β New TrickBot Variant Updates Anti-Analysis Tricks β
π Read
via "Threatpost".
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.π Read
via "Threatpost".
Threat Post
New TrickBot Variant Updates Anti-Analysis Tricks
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.
ATENTIONβΌ New - CVE-2012-1101
π Read
via "National Vulnerability Database".
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).π Read
via "National Vulnerability Database".
β S2 Ep30: Letβs Encrypt, ULTRASOUND attacks, backups for ransom β Naked Security Podcast β
π Read
via "Naked Security".
Listen to the latest episode now!π Read
via "Naked Security".
Naked Security
S2 Ep30: Letβs Encrypt, ULTRASOUND attacks, backups for ransom β Naked Security Podcast
Listen to the latest episode now!
π΄ Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals π΄
π Read
via "Dark Reading: ".
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.π Read
via "Dark Reading: ".
Darkreading
Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.
β Wormable, Unpatched Microsoft Bug Threatens Corporate LANs β
π Read
via "Threatpost".
CVE-2020-0796 affects version 3.1.1 of Microsoftβs SMB file-sharing system and was not included in Patch Tuesday.π Read
via "Threatpost".
Threat Post
Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
CVE-2020-0796 affects version 3.1.1 of Microsoftβs SMB file-sharing system and was not included in Patch Tuesday, but patched the following day.
β Microsoft leaves critical bug unpatched on Patch Tuesday β
π Read
via "Naked Security".
Microsoft fixed bugs across a range of products on patch Tuesday, issuing patches for 115 distinct CVEs, with 26 rated critical.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Gender Equality in Cybersecurity Could Drive Economic Boost π΄
π Read
via "Dark Reading: ".
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.π Read
via "Dark Reading: ".
Dark Reading
Gender Equality in Cybersecurity Could Drive Economic Boost
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.
β TRRespass research reveals rowhammering is alive and well β
π Read
via "Naked Security".
"TRRespass" is a new trick for rowhammering - an attack where you write to a memory chip by reading it over and over (and over) again.π Read
via "Naked Security".
Naked Security
TRRespass research reveals rowhammering is alive and well
βTRRespassβ is a new trick for rowhammering β an attack where you write to a memory chip by reading it over and over (and over) again.
π΄ How the Rise of IoT Is Changing the CISO Role π΄
π Read
via "Dark Reading: ".
Prepare for the future by adopting a risk-based approach. Following these five steps can help.π Read
via "Dark Reading: ".
Darkreading
How the Rise of IoT Is Changing the CISO Role
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
ATENTIONβΌ New - CVE-2013-1753
π Read
via "National Vulnerability Database".
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-2487
π Read
via "National Vulnerability Database".
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.π Read
via "National Vulnerability Database".
π΄ I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know? π΄
π Read
via "Dark Reading: ".
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.π Read
via "Dark Reading: ".
Dark Reading
I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know?
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
β Phishing Attack Skirts Detection With YouTube β
π Read
via "Threatpost".
Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.π Read
via "Threatpost".
Threat Post
Phishing Attack Skirts Detection With YouTube
Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.